Vulnerabilites related to codename065 - Download Manager
CVE-2024-4160 (GCVE-0-2024-4160)
Vulnerability from cvelistv5
Published
2024-05-31 09:31
Modified
2024-08-01 20:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm-all-packages' shortcode in all versions up to, and including, 3.2.90 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Version: * ≤ 3.2.90 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T13:51:09.688746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:54:41.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:52.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f51258a-e228-412f-9d97-28ab679136d7?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Package/views/all-packages-shortcode.php?rev=2996137#L202"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/download-manager/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_all_packages-list-all-downloads-in-tabular-format-in-a-page/"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/download-manager/#developers"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3080781/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.90",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jack Taylor"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s \u0027wpdm-all-packages\u0027 shortcode in all versions up to, and including, 3.2.90 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-31T09:31:39.856Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f51258a-e228-412f-9d97-28ab679136d7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Package/views/all-packages-shortcode.php?rev=2996137#L202"
},
{
"url": "https://wordpress.org/plugins/download-manager/"
},
{
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_all_packages-list-all-downloads-in-tabular-format-in-a-page/"
},
{
"url": "https://wordpress.org/plugins/download-manager/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3080781/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-30T20:30:54.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.2.90 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm-all-packages Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-4160",
"datePublished": "2024-05-31T09:31:39.856Z",
"dateReserved": "2024-04-25T01:20:56.931Z",
"dateUpdated": "2024-08-01T20:33:52.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6954 (GCVE-0-2023-6954)
Vulnerability from cvelistv5
Published
2024-03-13 15:26
Modified
2024-08-02 08:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.2.85 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Version: * ≤ 3.2.85 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-13T18:46:07.223029Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:15.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:08.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5cdd64a4-040b-4dc9-a8df-dbecfeb928c8?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Category/Shortcodes.php#L14"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Package/Shortcodes.php#L106"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Package/views/packages-shortcode.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Package/views/packages-shortcode-toolbar.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.85",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Richard Telleng"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s shortcode(s) in all versions up to, and including, 3.2.85 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T15:26:51.116Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5cdd64a4-040b-4dc9-a8df-dbecfeb928c8?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Category/Shortcodes.php#L14"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Package/Shortcodes.php#L106"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Package/views/packages-shortcode.php"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Package/views/packages-shortcode-toolbar.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-02-28T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-6954",
"datePublished": "2024-03-13T15:26:51.116Z",
"dateReserved": "2023-12-19T16:16:42.286Z",
"dateUpdated": "2024-08-02T08:42:08.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11740 (GCVE-0-2024-11740)
Vulnerability from cvelistv5
Published
2024-12-19 05:24
Modified
2024-12-19 16:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Version: * ≤ 3.3.03 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11740",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-19T16:34:25.581814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T16:38:30.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.03",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Mazzolini"
}
],
"descriptions": [
{
"lang": "en",
"value": "The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T05:24:55.981Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a7be578-5883-4cd3-963d-bf81c3af2003?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.02/src/Package/views/shortcode-iframe.php#L203"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.02/src/Package/Hooks.php#L42"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-19T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2024-12-18T16:22:49.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.3.03 - Unauthenticated Arbitrary Shortcode Execution"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-11740",
"datePublished": "2024-12-19T05:24:55.981Z",
"dateReserved": "2024-11-26T12:37:35.772Z",
"dateUpdated": "2024-12-19T16:38:30.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4367 (GCVE-0-2025-4367)
Vulnerability from cvelistv5
Published
2025-06-19 03:40
Modified
2025-06-20 13:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Summary
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdm_user_dashboard shortcode in all versions up to, and including, 3.3.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Version: * ≤ 3.3.18 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4367",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-20T12:38:24.397807Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T13:12:10.681Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.18",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Brian Sans-Souci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s wpdm_user_dashboard shortcode in all versions up to, and including, 3.3.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T03:40:13.166Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/029956d7-6e3f-4159-9f53-05691e0262fc?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/User/views/dashboard/profile.php#L79"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/wpdm-functions.php#L200"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3313608%40download-manager\u0026old=3308801%40download-manager\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-28T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-06-16T19:43:11.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-06-18T15:05:22.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.3.18 - Authenticated (Author+) Stored Cross-site Scripting via wpdm_user_dashboard Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-4367",
"datePublished": "2025-06-19T03:40:13.166Z",
"dateReserved": "2025-05-05T18:08:42.449Z",
"dateUpdated": "2025-06-20T13:12:10.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5266 (GCVE-0-2024-5266)
Vulnerability from cvelistv5
Published
2024-06-12 08:33
Modified
2024-08-01 21:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Version: * ≤ 3.2.92 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5266",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T15:10:42.625142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T15:10:53.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:12.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e363a62-8d31-4140-878b-5034d6c7b6a1?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/wpdm-functions.php?rev=3052986#L216"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/wpdm-functions.php?rev=3052986#L261"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/User/views/dashboard/profile.php?rev=2558306#L79"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/User/Dashboard.php?rev=2799791#L32"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/User/Dashboard.php?rev=2799791#L71"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/views/link-templates/link-template-bsthumnail.php?rev=2558306#L5"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L63"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L255"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L337"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L315"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/download-manager/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_user_dashboard-user-dashboard-short-code/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_package-single-package-embed-short-code/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_packages-wp_query-in-a-shortcode-for-download-manager-packages/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_search_result-shows-search-form/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_tag-query-all-downloads-from-specified-tags/"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3096450/#file24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.92",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jack Taylor"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T08:33:18.925Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e363a62-8d31-4140-878b-5034d6c7b6a1?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/wpdm-functions.php?rev=3052986#L216"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/wpdm-functions.php?rev=3052986#L261"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/User/views/dashboard/profile.php?rev=2558306#L79"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/User/Dashboard.php?rev=2799791#L32"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/User/Dashboard.php?rev=2799791#L71"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/views/link-templates/link-template-bsthumnail.php?rev=2558306#L5"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L63"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L255"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L337"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L315"
},
{
"url": "https://wordpress.org/plugins/download-manager/"
},
{
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_user_dashboard-user-dashboard-short-code/"
},
{
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_package-single-package-embed-short-code/"
},
{
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_packages-wp_query-in-a-shortcode-for-download-manager-packages/"
},
{
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_search_result-shows-search-form/"
},
{
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_tag-query-all-downloads-from-specified-tags/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3096450/#file24"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-11T19:58:22.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.2.92 - Authenticated (Author+) Stored Cross-Site Scripting via Multiple Shortcodes"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-5266",
"datePublished": "2024-06-12T08:33:18.925Z",
"dateReserved": "2024-05-23T12:32:56.390Z",
"dateUpdated": "2024-08-01T21:11:12.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1785 (GCVE-0-2025-1785)
Vulnerability from cvelistv5
Published
2025-03-13 07:31
Modified
2025-03-13 20:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originally intended directory, which may cause a denial of service.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Version: * ≤ 3.3.08 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1785",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-13T20:12:52.787359Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T20:13:02.111Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.08",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "zhuxuan wu"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the \u0027wpdm_newfile\u0027 action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originally intended directory, which may cause a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T07:31:39.039Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc5c7974-4c10-4880-8823-2accee3c0da4?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3252990%40download-manager\u0026new=3252990%40download-manager\u0026sfp_email=\u0026sfph_mail=#file4"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-12T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.3.08 - Authenticated (Author+) Path Traversal to Limited File Overwrite"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-1785",
"datePublished": "2025-03-13T07:31:39.039Z",
"dateReserved": "2025-02-28T16:12:41.242Z",
"dateUpdated": "2025-03-13T20:13:02.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6785 (GCVE-0-2023-6785)
Vulnerability from cvelistv5
Published
2024-03-13 15:26
Modified
2024-08-02 08:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Download Manager plugin for WordPress is vulnerable to unauthorized file download of files added via the plugin in all versions up to, and including, 3.2.84. This makes it possible for unauthenticated attackers to download files added with the plugin (even when privately published).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Version: * ≤ 3.2.84 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6785",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-13T17:33:50.113153Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:17.153Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:07.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7b3608ca-8ed6-46ff-8e57-d8b68f91b9f2?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3038209%40download-manager%2Ftrunk\u0026old=3022104%40download-manager%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.84",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "wesley"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to unauthorized file download of files added via the plugin in all versions up to, and including, 3.2.84. This makes it possible for unauthenticated attackers to download files added with the plugin (even when privately published)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-284 Improper Access Control",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T15:26:58.832Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7b3608ca-8ed6-46ff-8e57-d8b68f91b9f2?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3038209%40download-manager%2Ftrunk\u0026old=3022104%40download-manager%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-02-28T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-6785",
"datePublished": "2024-03-13T15:26:58.832Z",
"dateReserved": "2023-12-13T15:52:15.178Z",
"dateUpdated": "2024-08-02T08:42:07.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2305 (GCVE-0-2023-2305)
Vulnerability from cvelistv5
Published
2023-06-09 05:33
Modified
2024-12-20 23:38
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdm_members', 'wpdm_login_form', 'wpdm_reg_form' shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Version: * ≤ 3.2.70 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a66bc196-e5f8-46b4-a81c-c888eb64021c?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.70/src/User/views/members.php#L10"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.70/src/User/views/login-form.php#L10"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.70/src/User/views/reg-form.php#L11"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2906403%40download-manager\u0026new=2906403%40download-manager\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2305",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-20T23:24:47.222601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T23:38:38.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.70",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lana Codes"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027wpdm_members\u0027, \u0027wpdm_login_form\u0027, \u0027wpdm_reg_form\u0027 shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-09T05:33:25.665Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a66bc196-e5f8-46b4-a81c-c888eb64021c?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.70/src/User/views/members.php#L10"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.70/src/User/views/login-form.php#L10"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.70/src/User/views/reg-form.php#L11"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2906403%40download-manager\u0026new=2906403%40download-manager\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2023-04-25T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-04-25T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2023-05-12T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-2305",
"datePublished": "2023-06-09T05:33:25.665Z",
"dateReserved": "2023-04-26T13:52:44.616Z",
"dateUpdated": "2024-12-20T23:38:38.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1766 (GCVE-0-2024-1766)
Vulnerability from cvelistv5
Published
2024-06-12 11:05
Modified
2024-08-01 18:48
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires social engineering to successfully exploit, and the impact would be very limited due to the attacker requiring a user to login as the user with the injected payload for execution.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Version: * ≤ 3.2.86 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:w3eden:download_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "download_manager",
"vendor": "w3eden",
"versions": [
{
"lessThanOrEqual": "3.2.86",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1766",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T13:16:34.555528Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T13:20:14.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:21.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9774c999-acb6-4c5f-ad6c-10979660b164?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/User/views/dashboard/edit-profile.php#L16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.86",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Rollings"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user\u0027s Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires social engineering to successfully exploit, and the impact would be very limited due to the attacker requiring a user to login as the user with the injected payload for execution."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T11:05:08.210Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9774c999-acb6-4c5f-ad6c-10979660b164?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/User/views/dashboard/edit-profile.php#L16"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-11T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-06-11T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.2.86 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-1766",
"datePublished": "2024-06-12T11:05:08.210Z",
"dateReserved": "2024-02-22T16:31:27.978Z",
"dateUpdated": "2024-08-01T18:48:21.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11768 (GCVE-0-2024-11768)
Vulnerability from cvelistv5
Published
2024-12-19 05:24
Modified
2024-12-19 16:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-285 - Improper Authorization
Summary
The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download password-protected files.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Version: * ≤ 3.3.03 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11768",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-19T16:34:22.940689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T16:38:23.813Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.03",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Emiliano Versini"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download password-protected files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T05:24:56.535Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/feb915f4-66d6-4f46-949c-5354e414319b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/__/Apply.php#L376"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-02T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2024-12-18T16:22:49.000+00:00",
"value": "Disclosed"
}
],
"title": "Download manager \u003c= 3.3.03 - Improper Authorization to Unauthenticated Download of Password-Protected Files"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-11768",
"datePublished": "2024-12-19T05:24:56.535Z",
"dateReserved": "2024-11-26T15:16:24.789Z",
"dateUpdated": "2024-12-19T16:38:23.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2098 (GCVE-0-2024-2098)
Vulnerability from cvelistv5
Published
2024-06-13 05:34
Modified
2024-08-01 19:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticated attackers to download password-protected files.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Version: * ≤ 3.2.89 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2098",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T14:53:39.905967Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T14:53:50.431Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:03:38.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1301c8af-d81a-40f1-96fa-e8252309d8a4?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3072712/download-manager"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.89",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Moritz \u00d6hrlein"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the \u0027protectMediaLibrary\u0027 function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticated attackers to download password-protected files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-289 Authentication Bypass by Alternate Name",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T05:34:44.893Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1301c8af-d81a-40f1-96fa-e8252309d8a4?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3072712/download-manager"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-11T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-06-12T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.2.89 - Improper Authorization via protectMediaLibrary"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-2098",
"datePublished": "2024-06-13T05:34:44.893Z",
"dateReserved": "2024-03-01T15:59:07.828Z",
"dateUpdated": "2024-08-01T19:03:38.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3056 (GCVE-0-2025-3056)
Vulnerability from cvelistv5
Published
2025-04-18 08:21
Modified
2025-04-18 12:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.3.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Version: * ≤ 3.3.12 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T11:37:22.730415Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T12:00:22.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.12",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Siavash Vaez Afshar"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.3.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T08:21:37.036Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dd9e6ba7-f107-4d7c-a7da-35e603f3a1a8?source=cve"
},
{
"url": "https://wordpress.org/plugins/download-manager/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3275196/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-17T19:29:16.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.3.12 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-3056",
"datePublished": "2025-04-18T08:21:37.036Z",
"dateReserved": "2025-03-31T20:51:31.221Z",
"dateUpdated": "2025-04-18T12:00:22.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3404 (GCVE-0-2025-3404)
Vulnerability from cvelistv5
Published
2025-04-19 07:23
Modified
2025-04-21 14:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Version: * ≤ 3.3.12 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3404",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T14:11:07.637024Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T14:11:45.109Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.12",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Brian Sans-Souci"
},
{
"lang": "en",
"type": "finder",
"value": "Audrey Fran\u00e7ois"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-19T07:23:39.977Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/21f8f5be-b513-4040-af39-c1a61d7e313f?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.12/src/Admin/Menu/Packages.php#L45"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.12/src/Admin/Menu/Packages.php#L56"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-31T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-04-18T18:52:05.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-3404",
"datePublished": "2025-04-19T07:23:39.977Z",
"dateReserved": "2025-04-07T10:27:00.760Z",
"dateUpdated": "2025-04-21T14:11:45.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6208 (GCVE-0-2024-6208)
Vulnerability from cvelistv5
Published
2024-07-31 12:43
Modified
2024-07-31 16:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_all_packages' shortcode in all versions up to, and including, 3.2.97 due to insufficient input sanitization and output escaping on the 'cols' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Version: * ≤ 3.2.97 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6208",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T16:32:55.052771Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T16:33:02.522Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.97",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jack Taylor"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s \u0027wpdm_all_packages\u0027 shortcode in all versions up to, and including, 3.2.97 due to insufficient input sanitization and output escaping on the \u0027cols\u0027 parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T12:43:17.135Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7c67d2f8-d918-42ef-a301-27eed7fa41b2?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Package/views/all-packages-shortcode.php?rev=3097323#L302"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Package/views/all-packages-shortcode.php?rev=3097323#L10"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3126662/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-30T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.2.97 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-6208",
"datePublished": "2024-07-31T12:43:17.135Z",
"dateReserved": "2024-06-20T16:09:52.285Z",
"dateUpdated": "2024-07-31T16:33:02.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4001 (GCVE-0-2024-4001)
Vulnerability from cvelistv5
Published
2024-06-05 11:01
Modified
2024-08-01 20:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_modal_login_form' shortcode in all versions up to, and including, 3.2.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Version: * ≤ 3.2.93 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4001",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T14:45:47.635285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T14:45:54.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b478d88d-1423-4a33-b8ef-08b9e66a5d98?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3096459/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.93",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanh Nam Tran"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s \u0027wpdm_modal_login_form\u0027 shortcode in all versions up to, and including, 3.2.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T11:01:58.831Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b478d88d-1423-4a33-b8ef-08b9e66a5d98?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3096459/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-04T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.2.93 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm_modal_login_form Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-4001",
"datePublished": "2024-06-05T11:01:58.831Z",
"dateReserved": "2024-04-19T15:11:28.420Z",
"dateUpdated": "2024-08-01T20:26:57.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1985 (GCVE-0-2022-1985)
Vulnerability from cvelistv5
Published
2022-06-13 12:44
Modified
2024-08-03 00:24
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42. This is due to insufficient input sanitization and output escaping on the 'frameid' parameter found in the ~/src/Package/views/shortcode-iframe.php file.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Version: * ≤ 3.2.42 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:43.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/79fcf18e-39f7-42f2-90e4-3a5bac3382e0?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/download-manager/#developers"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2736071%40download-manager\u0026new=2736071%40download-manager\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1985"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2022/06/security-vulnerability-download-manager-plugin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.42",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafie Muhammad"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42. This is due to insufficient input sanitization and output escaping on the \u0027frameid\u0027 parameter found in the ~/src/Package/views/shortcode-iframe.php file."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T08:32:40.216Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/79fcf18e-39f7-42f2-90e4-3a5bac3382e0?source=cve"
},
{
"url": "https://wordpress.org/plugins/download-manager/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2736071%40download-manager\u0026new=2736071%40download-manager\u0026sfp_email=\u0026sfph_mail="
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1985"
},
{
"url": "https://www.wordfence.com/blog/2022/06/security-vulnerability-download-manager-plugin/"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-05-31T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2022-06-02T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-1985",
"datePublished": "2022-06-13T12:44:35",
"dateReserved": "2022-06-02T00:00:00",
"dateUpdated": "2024-08-03T00:24:43.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2101 (GCVE-0-2022-2101)
Vulnerability from cvelistv5
Published
2022-07-18 16:13
Modified
2024-08-03 00:24
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `file[files][]` parameter in versions up to, and including, 3.2.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts on the file's page that will execute whenever an administrator accesses the editor area for the injected file page.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Version: * ≤ 3.2.46 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b399929a-db33-419f-9218-b86ee88a9f1a?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/167573/"
},
{
"tags": [
"x_transferred"
],
"url": "https://medium.com/%40andreabocchetti88/download-manager-3-2-43-contributor-cross-site-scripting-fa4970fba45c"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2750339%40download-manager\u0026new=2750339%40download-manager\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.46",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Bocchetti"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `file[files][]` parameter in versions up to, and including, 3.2.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts on the file\u0027s page that will execute whenever an administrator accesses the editor area for the injected file page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T08:32:52.585Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b399929a-db33-419f-9218-b86ee88a9f1a?source=cve"
},
{
"url": "https://packetstormsecurity.com/files/167573/"
},
{
"url": "https://medium.com/%40andreabocchetti88/download-manager-3-2-43-contributor-cross-site-scripting-fa4970fba45c"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2750339%40download-manager\u0026new=2750339%40download-manager\u0026sfp_email=\u0026sfph_mail="
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2101"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-06-21T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2101",
"datePublished": "2022-07-18T16:13:21",
"dateReserved": "2022-06-16T00:00:00",
"dateUpdated": "2024-08-03T00:24:44.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2436 (GCVE-0-2022-2436)
Vulnerability from cvelistv5
Published
2022-09-06 17:18
Modified
2025-05-05 16:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'file[package_dir]' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Version: * ≤ 3.2.49 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/471957f6-54c1-4268-b2e1-8efa391dcaec?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Admin/Menu/Packages.php#L68"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2761422%40download-manager%2Ftrunk%2Fsrc%2FAdmin%2FMenu%2FPackages.php\u0026new=2761422%40download-manager%2Ftrunk%2Fsrc%2FAdmin%2FMenu%2FPackages.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2436"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2436",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:14:14.522322Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:19:22.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.49",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rasoul Jahanshahi"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the \u0027file[package_dir]\u0027 parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T15:06:08.142Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/471957f6-54c1-4268-b2e1-8efa391dcaec?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Admin/Menu/Packages.php#L68"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2761422%40download-manager%2Ftrunk%2Fsrc%2FAdmin%2FMenu%2FPackages.php\u0026new=2761422%40download-manager%2Ftrunk%2Fsrc%2FAdmin%2FMenu%2FPackages.php"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2436"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-08-17T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2436",
"datePublished": "2022-09-06T17:18:57.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-05-05T16:19:22.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}